易陆发现互联网技术论坛

openstack - Introduction to security group management commands

Posted on 2018-11-5 22:57:45

1. How do you create a custom security group?
2. How do you view security groups?
3. How do you list the rules in a group?
4. How do you add a rule (allow ping)?

Note: tested; modifying either the default secgroup or a custom secgroup passes the data access test.

Help

[root@station140 ~(keystone_admin)]# nova help | grep secgroup
add-secgroup                Add a Security Group to a server.
list-secgroup               List Security Group(s) of a server.
remove-secgroup             Remove a Security Group from a server.
secgroup-add-group-rule
secgroup-add-rule           Add a rule to a security group.
secgroup-create             Create a security group.
secgroup-delete             Delete a security group.
secgroup-delete-group-rule
secgroup-delete-rule
secgroup-list               List security groups for the current tenant.
secgroup-list-rules
secgroup-update             Update a security group.

Create a custom security group

[root@ ]# nova secgroup-create terry "allow ping and ssh"
+--------------------------------------+-------+--------------------+
| Id                                   | Name  | Description        |
+--------------------------------------+-------+--------------------+
| 6966a8e4-0980-40ad-a409-baac65b60287 | terry | allow ping and ssh |
+--------------------------------------+-------+--------------------+

List all current security groups

[root@ ]# nova secgroup-list
+--------------------------------------+---------+--------------------+
| Id                                   | Name    | Description        |
+--------------------------------------+---------+--------------------+
| 91a191a6-b89e-4f87-99c0-0fb985985978 | default | default            |
| 6966a8e4-0980-40ad-a409-baac65b60287 | terry   | allow ping and ssh |
+--------------------------------------+---------+--------------------+

List the rules in a given group

# nova secgroup-list-rules default
+-------------+-----------+---------+----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+----------+--------------+
|             |           |         |          | default      |
|             |           |         |          | default      |
+-------------+-----------+---------+----------+--------------+

Add a rule (allow ping)

# nova secgroup-add-rule terry icmp -1 -1 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

Add a rule (allow ssh)

# nova secgroup-add-rule terry tcp 22 22 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

Add a rule (allow external DNS access)

# nova secgroup-add-rule terry udp 53 53 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| udp         | 53        | 53      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

List the custom group's rules

# nova secgroup-list-rules terry
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
| udp         | 53        | 53      | 0.0.0.0/0 |              |
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+
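Added example, not code from the original post or from the nova project: a small Python parser for the table that `nova secgroup-list-rules` prints, run over the listing shown above (reproduced here as a constructed string, with the source-group row the default group shows) to flag rules that admit traffic from any address. The function names and the SAMPLE_OUTPUT constant are mine.

```python
from typing import Dict, List

# Constructed sample: the "terry" rule listing from the post, plus the
# source-group row (no CIDR, Source Group = default) the default group shows.
SAMPLE_OUTPUT = """\
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
| udp         | 53        | 53      | 0.0.0.0/0 |              |
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
|             |           |         |           | default      |
+-------------+-----------+---------+-----------+--------------+
"""

# CIDRs that mean "any host on the Internet".
ANY_SOURCE = {"0.0.0.0/0", "::/0"}


def _cells(line: str) -> List[str]:
    """Split one '| a | b |' table line into stripped cell values."""
    return [c.strip() for c in line.strip().strip("|").split("|")]


def parse_secgroup_rules(text: str) -> List[Dict[str, str]]:
    """Parse nova secgroup-list-rules output into dicts keyed by column header."""
    rows = [ln for ln in text.splitlines() if ln.lstrip().startswith("|")]
    if not rows:
        return []
    header = _cells(rows[0])  # first '|' line is the header row
    return [dict(zip(header, _cells(r))) for r in rows[1:]]


def world_open_rules(rules: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """CIDR-based rules that accept traffic from any address (group-based rows have no CIDR)."""
    return [r for r in rules if r.get("IP Range") in ANY_SOURCE]


def describe(rule: Dict[str, str]) -> str:
    """One-line summary; for icmp, from/to port hold type/code and -1 means all."""
    proto, lo, hi = rule["IP Protocol"], rule["From Port"], rule["To Port"]
    if proto == "icmp":
        span = "all types" if lo == "-1" else f"type {lo}"
    else:
        span = lo if lo == hi else f"ports {lo}-{hi}"
    return f"{proto} {span} open to {rule['IP Range']}"


if __name__ == "__main__":
    for r in world_open_rules(parse_secgroup_rules(SAMPLE_OUTPUT)):
        print("WORLD-OPEN:", describe(r))
```

Every rule in the post uses 0.0.0.0/0; in practice the ssh rule is usually narrowed to a management CIDR, and this check makes such wide-open rules easy to spot across many groups.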

Try modifying the default secgroup

List the default secgroup rules

# nova secgroup-list-rules default
+-------------+-----------+---------+----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+----------+--------------+
|             |           |         |          | default      |
|             |           |         |          | default      |
+-------------+-----------+---------+----------+--------------+

Add a rule (allow ping)

# nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

Add a rule (allow ssh)

# nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

Add a rule (allow external DNS access)

# nova secgroup-add-rule default udp 53 53 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| udp         | 53        | 53      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

List the default group's rules

# nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
|             |           |         |           | default      |
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
|             |           |         |           | default      |
| udp         | 53        | 53      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

+ w* @; V- C1 z" P删除某个实例, 使用中的规则) |% x9 D. j8 k
# `" f: @% _$ ^0 S( l$ c( J
6 B% g  R) h* f
5 K% k# R0 S9 e$ q: y! g

' V: Q% t8 N- R( D4 E7 b
2 F) H: ~4 i* A
nova remove-secgroup terry_instance1 terry
3 \" N" \2 E5 h+ i+ x

) V: D. Q! A( h2 N0 w" @
; _+ I4 k% s3 w7 A" R
( R7 n4 w& [1 E
& w( _* f' S, W2 _; T
Note: once the virtual machine has been started, no further rules can be added.